Pulse Detail — Threat Intelligence

PULSE NAME

LummaC2 Stealware

WHITE feisty-swim1410 2023-11-16 Modified: 2023-12-16

IOCs

HIGH VOLUME

The LummaC2 stealer malware strain has been identified as being used by threat actors operating under different aliases, according to a report published by the UK-based security firm Verdant.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1005 T1012 T1053 T1059 T1082 T1102 T1112 T1120 T1489 T1491 T1543 T1547 T1552 T1553 T1562 T1564

MALWARE FAMILIES

RedLine SectopRAT LummaC2

Indicators of Compromise (20 / 82 total)

All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://acexoss.xyz/	—	2023-11-16
URL	http://balancelag.xyz/	—	2023-11-16
URL	http://checkgoods.xyz/	—	2023-11-16
URL	http://coolvtf.xyz/	—	2023-11-16
URL	http://costexcise.xyz/	—	2023-11-16
URL	http://coursenote.xyz/	—	2023-11-16
URL	http://doorblu.xyz/	—	2023-11-16
URL	http://fisholl.xyz/	—	2023-11-16
URL	http://freeace.xyz/	—	2023-11-16
URL	http://frogswordsale.xyz/	—	2023-11-16
URL	http://gapi-node.io/	—	2023-11-16
URL	http://gitarlessonfinger.xyz/	—	2023-11-16
URL	http://glitchmoon.xyz/	—	2023-11-16
URL	http://goldenwalstk.xyz/	—	2023-11-16
URL	http://marketsale.xyz/	—	2023-11-16
URL	http://netforyou.xyz/	—	2023-11-16
URL	http://quotamoney.xyz/	—	2023-11-16
URL	http://singlesfree.xyz/	—	2023-11-16
URL	http://survviv.xyz/	—	2023-11-16
URL	http://woodcat.xyz/	—	2023-11-16

References (1)

↗ https://www.quorumcyber.com/wp-content/uploads/2023/09/Quorum-Cyber-Lumma-Stealer-Malware-Report-TI.pdf